Comment by andrepd
1 day ago
Great comment all around but
> jailbreaking / "prevent tampering"
> This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.
This is unacceptable. So much talk about independence from the US, you simply cannot make it a hard requirement to use the duopoly to be a citizen (as if it wasn't a quasi-hard requirement already)!
Funny how they just handwave it like it's a totally normal thing, like the insane situation with banking apps. Most people don't care as they run with whatever's available without modification, but we still should fight for the right to run the code we want on devices we own.
Consider the car analogy: if you want to drive on public roads, you need to drive an attested, unmodified vehicle that complies with the relevant regulations. If you want to play around and modify the car, that's fine, but then you don't get to use it around other people. You're also not allowed to buy some random, unknown Chinese or Indian car and drive it on the road. People already accept this when framed as a safety issue. I suspect they care more about their cars than their phones, and won't care about the requirements on the phone anyway because they're not planning to modify it, and as long as WhatsApp and Instagram keep letting them exchange shopping list additions and pictures of vacation cocktails, then what's the problem?
To be clear, I'm not in favor of a participation-in-society ban for jailbreaking your phone, but there's already precedent for it.
The analogy is a bit shaky IMO, as you can certify individual, heavily modified, foreign or even self-built cars in EU member states.
For cars, the local certification authority themselves decides what is road-worthy or not, not VW et al. You can add third party parts without the manufacturers consent. This is not the case for Android or iOS attestation, you're pretty much at the mercy of the foreign manufacturer and their local laws.
1 reply →
Cars can and do kill 1,500,000 people every single year, equivalent to a jumbo jet full of people every couple hours, plus an equal number of crippled and injured, plus untold number of pollution deaths. That's a ridiculous comparison (if anything cars are not regulated enough). Who am I endangering when running microg on my phone??
1 reply →